Vulnerabilities > Hashicorp > Vagrant Vmware Fusion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-29 | CVE-2017-16873 | Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | 7.8 |
| 2018-03-29 | CVE-2017-16839 | Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.4 Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. | 7.0 |
| 2018-03-29 | CVE-2017-16512 | Race Condition vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.2/5.0.3/5.0.4 The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | 7.8 |
| 2017-10-31 | CVE-2017-15884 | Race Condition vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.0 In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | 7.0 |
| 2017-10-19 | CVE-2017-12579 | Uncontrolled Search Path Element vulnerability in Hashicorp Vagrant VMWare Fusion An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. | 7.8 |
| 2017-08-08 | CVE-2017-11741 | Incorrect Default Permissions vulnerability in Hashicorp Vagrant VMWare Fusion HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. | 8.8 |
| 2017-08-02 | CVE-2017-7642 | Untrusted Search Path vulnerability in Hashicorp Vagrant VMWare Fusion The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable. | 7.8 |